- China’s National Vulnerability Database Warns Claude Code Contains Spyware
- Alibaba recently banned the use of Claude internally due to user tracking fears.
- Anthropic says it is designed to prevent model distillation and illegal use
China has accused Anthropic’s Claude code of containing what it describes as “backdoor security vulnerabilities” after the country’s National Vulnerability Database (CNVDB) found mechanisms capable of transmitting user information to Anthropic’s servers without the user’s explicit permission.
Researchers accuse the software company of collecting information such as user identity, geographic location, system environment information, and other machine metadata.
The so-called “backdoor” poses risks of data leaks, intellectual property exposure and other business risks, hence Alibaba’s recent decision to ban Claude Code internally.
China supports Alibaba’s accusations regarding Claude Code and Anthropic
Alibaba engineers reverse engineered Claude Code to reveal checks of Chinese system time zones, proxy servers, AI lab infrastructure, and network characteristics.
Chinese authorities are now advising users to uninstall vulnerable versions in order to upgrade to newer versions that remove or modify this behavior. CNVDB claims that versions 2.1.91 to 2.1.196 are affected,
Although Anthropic rejected claims that Claude Code contained malicious spyware or an intentional spying backdoor, it admitted that these features acknowledged this, describing the goal as an anti-abuse experiment. Anthropic is concerned about unauthorized reselling and model distillation, something it has previously accused Alibaba of.
VPNs, proxies, cloud workarounds, and international subsidiaries have also sprung up to allow developers to access otherwise restricted tools, hence Anthropic’s work to block access where it is restricted.
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds.




